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import java.util.*; 

import java.io.*; 

import javax. servlet . *; 

import javax. servlet . http. *; 



public class TraditionalDemo extends HttpServlet { 
private Vector mCookies = new Vector (); 
private Hashtable mUsers = new Hashtable(); 
public void service (HttpServletRequest req, HttpServletResponse res) 
throws ServletException, IOException { 
try { 

// 

// check for sign-in 
// 

String cmd = req. getParameter ( "Command" ) ; 
if (cmd != null && cmd. equals ( "Signln" ) ) { 

String username = req. getParameter ( "Username" ) ; 

String password = req. getParameter { "Password" ) ; 

if (username == null) { showError (req, res , "Username not 

else if (password == null) { showError (req, res, "Password 
else { 

// this application sign-in approach has the 

// that the user database and access control are 

// this particular application and therefore not 

// when there are a lot of applications 
Buf feredReader br = new Buff eredReader (new 



specified. " ) ; } 
not specified.") 

disadvantage 
specific to 
easy to manage 



FileReader ("UserDB") ) 



= 1 ) continue; 



boolean done - false; 
String line; 
int i; 

while ( (line=br . readLine ( ) ) ! = null) { 
line = line.trimO; 

if {line. equals ("") i! line . charAt (0) -= 

i = line. indexOf ( ) ; 
if (i == -1) continue; 

if (username . equals (line . substring (0, i) ) ) { 
// user database without password 



encryption to 

(password. equals (line . substring (i+1) ) ) { 

(mUsers . containsKey (username) ) { 
1; i >= 0; i — ) { 



// simplify this demonstration 
if 

// authentication successful 

String cookie; 

if 

// remove all cookie 

for (i = mCookies . size ( ) - 
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(String) mCookies . elementAt (i) ; 

(username. equals (cookie . substring ( 0, cookie . indexOf ('.')))) { 
mCookies. removeElementAt (i) ; 



cookie - 
if 



break; 



} 



} 



username+", n +getRandomId ( ) ; 

( I mCookies . contains (cookie) ) break; 

( ! mUsers . containsKey (username) ) { 
Hashtable ( ) ; 

initialization of user values 
Cookie ("Session", cookie) ; 



} 

/ / send session cookie 
while (true) { 
cookie = 

if 



mCookies. addElement (cookie) ; 
if 

Hashtable h = new 

// non object-oriented 

h. put ("Balance", "0") ; 
mUsers .put (username , h ) ; 



} 

Cookie c = new 



c.setPath(req.getServletPath() ) ; 
res.addCookie(c) ; 
String url = 

"http : //"+req. getServerName ( ) +" : "+req. getServerPort ( ) +req. getServletPath ( ) ; 

String querystr = 

req. getQueryString ( ) ; 



! querystr. equals <"") ) url += "?"+querystr; 
1) ?"?":"&") +"Session="+getRandomId( ) ; 



if (querystr != null && 
url += ( (url.indexOf ( • ? f ) ==- 
// this is done so that Netscape 



will not complain that response contains no data. 

res . setStatus (HttpServlet Response . SC_MOVED_TEMPORARILY) ; 

res . setHeader ( "Location" , url ) ; 
} else { 

showError (req, res, "Password not 



valid. ,f ) ; 



} 



} 

break; 



not valid. ") ; } 



} 

if (line == null) { showError (req, res, "Username 
br. close ( ) ; 



} 

return; 
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// 

// get cookie 
// 

Cookie cookies [] = req . getCookies ( ) ; 
String cookie = null; 
if (cookies != null) { 

for (int i = 0; i < cookies . length; i++) { 

if (cookies [i] . getName ( ) . equals ( "Session" ) ) { 
cookie = cookies [ i] . getValue () ; 
break; 

} 

} 

} 

if (cookie != null && ! mCookies . contains ( cookie ) ) cookie = 

null ; 

// 

// show sign-in 
// 

if (cookie == null) { 

res. setContentType ("text /html" ) ; 

PrintWriter pw = res . getWriter ( ) ; 

pw . print In ( "<htmlxbody><cent er> " 
+"<h2>Sign-In</h2>" 
+"<form method=post 
action="+req. getServletPath ( ) +">" 

+ "< input type=hidden name<ommand value=SignIn>" 

+ "<tableXtrXtd>Username : </td>" 

+ "<tdxinput type=text name =User name 

size=30x/td>" 

+ "</tr><trxtd>Password: </td>" 

+ "<tdxinput type=password name=Password 

size=30x/td>" 

+"</tr></table>" 

+"<input type=submit value= ! 0K T >" 
+"</form>" 

+ "</centerX/bodyX/html>") ; 
return; 

} 

// 

// do account 
// 

// get user hashtable which is used to keep all 

information/ values 

// related to a particular user 

// this approach is weak because the hashtable is not really 

an 

// object-oriented representation of the user and there is no 
// type-checking for the values stored in the hashtable 
Hashtable user = 
(Hashtable)mUsers. get (cookie. substring(0,cookie*indexOf (' .'))); 

String balance - (String) user . get ( "Balance" ) ; 
if (cmd == null) { 

showForm(req, res , balance) ; 
} else if (cmd. equals ("Deposit") ) { 

String value = req. get Parameter ( "Value" ) ; 

balance = 

String. valueOf ( Integer - parselnt (balance) ^Integer . parselnt (value) ) ; 
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user .put ( "Balance" , balance) ; 

showForm (req, res, balance) ; 
} else if {cmd . equals { "Withdraw" ) ) { 

String value = req. get Parameter ( "Value" ) ; 

balance = String . valueOf ( Integer . parselnt (balance) 
Integer . parselnt (value) ) ; 

user. put ("Balance", balance) ; 

showForm (req, res , balance ) ; 
} else { 

showForm (req, res, balance) ; 

} 

} catch (Exception e) { 

e . printStackTrace ( ) ; 

} 

} 

private static final void showForm ( HttpServletRequest 
req, HttpServletResponse res, 

String balance) throws Exception { 
res . setContentType ("text /html") ; 
PrintWriter pw = res . getWriter () ; 
pw . println ( "<htmlxbodyXcenter>" 
+ "<h2>Account< /h2> " 
+"<table>" 

+ "<trXtd>Balance : </td>" 
+"<td>"+balance+"</td>" 
+ "<td> </tdx/tr>" 

+"<form method=get action="+req. getServletPath ( ) +">" 
+"<input type=hidden name=Command value=Deposit>" 
+"<tr><td>Deposit : </td>" 

+ "<tdxinput type^text name=Value size=30x/td>" 
+ "<tdxinput type=submit value= ' OK 1 ></ tdx/tr>" 
+ "</form>" 

+"<form method=get action="+req. getServletPath ( ) +">" 
+"<input type=hidden name=Command value=Withdraw>" 
+ " < t rxt d>Wi thdraw : < / td> " 

+ "<tdxinput type=text name=Value size=30x/td>" 
+"<tdxinput type=submit value=' 0K T x/tdx/tr>" 
+"</form>" 
+ M </table>" 

+ M </centerx/bodyx/html>"> ; 

} 

private static final String getRandomld { ) { 

// value range from 0 to 2147483648 inclusive 

Random r = new Random ( (new Date() ) . get Time ( ) ) ; 

int rint = r.nextlntO; 

rint = (rint < 0) ? -l*rint : rint; 

return String. valueOf (rint) ; 

} 

private static final void showError (HttpServletRequest 
req, HttpServletResponse res, 

String message) throws Exception { 
res . setContentType ( "text /html" ) ; 
PrintWriter pw - res . getWriter () / 
pw. println ( "<html><bodyXcenter>" 
-f "<h2>Error</h2>" 
+ " <p> "+message+ " < /p> " 

+ H <form method=get action="+req. getServletPath ( ) +">" 
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M <input type=submxt value^ ' OK ' > " 
M </form> ,r 

"</center></body></html>") ; 
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import java.io.*; 
import javax . servlet . * ; 
import javax . servlet . http. *; 



public class InventionDemo extends HttpServlet { 
private int balance; 

// there is type-checking for application values such as balance 

public void service (HttpServletRequest req, HttpServletResponse res) 
throws ServletException, IOException { 
try { 

// 

//do not need to check for sign-in 
// 

//a central user database can be maintained for all 

applications 

// 

// system administration can assign access control in a 

flexible manner 

// 

// do not need to get cookie 
// 

//do not need to show sign-in 
// 

// do not need to get user hashtable or session object 
// which is used to keep all information/values 
// related to a particular user 
// 

// this object is an object-oriented representation of this 

application 

// and there is type-checking for the values stored such as 

balance 

// 

// go straight to do account 
// 

String cmd = r eq. get Parameter ("Command") ; 
if (cmd == null) { 

showForm (req, res , balance) ; 
} else if (cmd. equals ("Deposit") ) { 

String value = req. getParameter ( "Value") ; 

balance += Integer .parselnt (value) ; 

showForm (req, res, balance) ; 
} else if (cmd. equals ( "Withdraw") ) { 

String value = req. getParameter ( "Value" ) ; 

balance -= Integer .parselnt (value) ; 

showForm (req, res, balance) ; 
} else { 

showForm (req, res, balance) ; 

} 

} catch (Exception e) { 

e . pr intStackTrace { ) ; 

} 

} 

private static final void showForm (HttpServletRequest 
req, HttpServletResponse res, 
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int balance) throws Exception { 
res . setContentType ("text/html" ) ; 
PrintWriter pw = res . getWriter { ) ; 
pw. println ( ,f <htmlxbody><center> M 

+ " <h2 >Account < /h2 > rr 

+"<table>" 

+ "<trXtd>Balance : </td>" 
+"<td>"+balance+"</td>" 
+ "<td> </tdx/tr>" 

+"<form method=get action="+req . getServlet Path { ) + 
+"<input type=hidden name=Command value=Deposit>" 
-f "<trXtd>Deposit : </td>" 

+ "<tdxinput type=text name=Value size=30x/td>" 
+ "<tdxinput type=submit value= * 0K r ></tdx/tr> rr 
+"</form>" 

+"<form method=get action= n +req. getServletPath { ) + 
+"<input type=hidden name=Command value=Withdraw> 
+ "<trXtd>Withdraw: </td>" 

+ "<tdxinput type=text name-Value size=30x/td>" 
+ "<td><input type=submit value= 1 0K T x/tdx/tr>" 
+"</form>" 
+"</table>" 

+ "</centerx/bodyx/html>") ; 
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